# create a new mirrorlist server
# NOTE: should be used with --limit most of the time
# NOTE: make sure there is room/space for this server on the vmhost
# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars

- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=mirrorlist2:mirrorlist2-stg"

- name: make the box be real
  hosts: mirrorlist2:mirrorlist2-stg
  user: root
  gather_facts: True

  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  pre_tasks:
  - name: Install policycoreutils-python
    yum: pkg=policycoreutils-python state=present

  - name: Create /srv/web/ for all the goodies.
    file: >
        dest=/srv/web state=directory
        owner=root group=root mode=0755
    tags:
    - httpd
    - httpd/website

  - name: check the selinux context of webdir
    command: matchpathcon /srv/web
    register: webdir
    always_run: yes
    changed_when: "1 != 1"
    tags:
    - config
    - selinux
    - httpd
    - httpd/website

  - name: /srv/web file contexts
    command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"
    when: webdir.stdout.find('httpd_sys_content_t') == -1
    tags:
    - config
    - selinux
    - httpd
    - httpd/website

  roles:
  - base
  - rkhunter
  - nagios_client
  - geoip
  - hosts
  - fas_client
  - collectd/base
  - apache
  - httpd/mod_ssl

  - role: httpd/certificate
    name: wildcard-2014.stg.fedoraproject.org
    SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"

  - role: httpd/website
    name: mirrorlist-phx2.stg.phx2.fedoraproject.org
    cert_name: wildcard-2014.stg.fedoraproject.org
    SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"

  - role: httpd/certificate
    name: wildcard-2014.fedoraproject.org
    SSLCertificateChainFile: wildcard-2014.fedoraproject.org.intermediate.cert
    when: env != "staging"

  - role: httpd/website
    name: mirrorlist-phx2.fedoraproject.org
    cert_name: wildcard-2014.fedoraproject.org
    server_aliases:
    - mirrorlist-dedicatedsolutions.fedoraproject.org
    - mirrorlist-host1plus.fedoraproject.org
    - mirrorlist-ibiblio.fedoraproject.org
    - mirrorlist-ibiblio02.fedoraproject.org
    - mirrorlist-osuosl.fedoraproject.org
    when: env != "staging"

  - mirrormanager/mirrorlist2
  - sudo
  - { role: openvpn/client,
      when: env != "staging" }

  tasks:
  # this is how you include other task lists
  - include: "{{ tasks }}/yumrepos.yml"
  - include: "{{ tasks }}/2fa_client.yml"
  - include: "{{ tasks }}/motd.yml"
  - include: "{{ tasks }}/mod_wsgi.yml"


  handlers:
  - include: "{{ handlers }}/restart_services.yml"
